Hi All,
Question that has been bugging me for awhile...
We have an ssh login host we've protected with Duo's 2FA pam module. We're
allowing both password auth and ssh-keys. Problem is, those users with a
valid ssh key are instantly allowed to log in-the pam stack for the duo .so
module never gets called, and the users are never prompted for 2FA.
Is there a way to compel the execution of PAM modules before OpenSSH
completes the login process for the user? This is OpenSSH 7.4p1 on a RHEL
7.9 system btw....
Thanks a bunch!
-Jeff
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Question that has been bugging me for awhile...
We have an ssh login host we've protected with Duo's 2FA pam module. We're
allowing both password auth and ssh-keys. Problem is, those users with a
valid ssh key are instantly allowed to log in-the pam stack for the duo .so
module never gets called, and the users are never prompted for 2FA.
Is there a way to compel the execution of PAM modules before OpenSSH
completes the login process for the user? This is OpenSSH 7.4p1 on a RHEL
7.9 system btw....
Thanks a bunch!
-Jeff
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev